<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <meta http-equiv="Content-Type" content=
    "application/xhtml+xml; charset=iso-8859-1" />
    <title>
      Chapter&nbsp;4.&nbsp;Security
    </title>
    <link rel="stylesheet" type="text/css" href="../stylesheets/lfs.css" />
    <meta name="generator" content="DocBook XSL Stylesheets V1.78.1" />
    <link rel="stylesheet" href="../stylesheets/lfs-print.css" type=
    "text/css" media="print" />
  </head>
  <body class="blfs" id="blfs-2020-04-02">
    <div class="navheader">
      <h4>
        Beyond Linux<sup>�</sup> From Scratch <span class="phrase">(System
        V</span> Edition) - Version 2020-04-02
      </h4>
      <h3>
        Part&nbsp;II.&nbsp;Post LFS Configuration and Extra Software
      </h3>
      <ul>
        <li class="prev">
          <a accesskey="p" href="random.html" title=
          "Random Number Generation">Prev</a>
          <p>
            Random Number Generation
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="vulnerabilities.html" title=
          "Vulnerabilities">Next</a>
          <p>
            Vulnerabilities
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="postlfs.html" title=
          "Part&nbsp;II.&nbsp;Post LFS Configuration and Extra Software">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 2020-04-02">
          Home</a>
        </li>
      </ul>
    </div>
    <div class="chapter" lang="en" xml:lang="en">
      <h1 class="chapter">
        <a id="postlfs-security" name="postlfs-security"></a>Security
      </h1>
      <p>
        Security takes many forms in a computing environment. After some
        initial discussion, this chapter gives examples of three different
        types of security: access, prevention and detection.
      </p>
      <p>
        Access for users is usually handled by <span class=
        "command"><strong>login</strong></span> or an application designed to
        handle the login function. In this chapter, we show how to enhance
        <span class="command"><strong>login</strong></span> by setting
        policies with <span class="application">PAM</span> modules. Access
        via networks can also be secured by policies set by <span class=
        "application">iptables</span>, commonly referred to as a firewall.
        The Network Security Services (NSS) and Netscape Portable Runtime
        (NSPR) libraries can be installed and shared among the many
        applications requiring them. For applications that don't offer the
        best security, you can use the <span class=
        "application">Stunnel</span> package to wrap an application daemon
        inside an SSL tunnel.
      </p>
      <p>
        Prevention of breaches, like a trojan, are assisted by applications
        like <span class="application">GnuPG</span>, specifically the ability
        to confirm signed packages, which recognizes modifications of the
        tarball after the packager creates it.
      </p>
      <p>
        Finally, we touch on detection with a package that stores
        "signatures" of critical files (defined by the administrator) and
        then regenerates those "signatures" and compares for files that have
        been changed.
      </p>
      <div class="toc">
        <h3>
          Table of Contents
        </h3>
        <ul>
          <li class="sect1">
            <a href="vulnerabilities.html">Vulnerabilities</a>
          </li>
          <li class="sect1">
            <a href="make-ca.html">make-ca-1.7</a>
          </li>
          <li class="sect1">
            <a href="cracklib.html">CrackLib-2.9.7</a>
          </li>
          <li class="sect1">
            <a href="cryptsetup.html">cryptsetup-2.3.1</a>
          </li>
          <li class="sect1">
            <a href="cyrus-sasl.html">Cyrus SASL-2.1.27</a>
          </li>
          <li class="sect1">
            <a href="gnupg.html">GnuPG-2.2.20</a>
          </li>
          <li class="sect1">
            <a href="gnutls.html">GnuTLS-3.6.13</a>
          </li>
          <li class="sect1">
            <a href="gpgme.html">GPGME-1.13.1</a>
          </li>
          <li class="sect1">
            <a href="haveged.html">Haveged-1.9.2</a>
          </li>
          <li class="sect1">
            <a href="iptables.html">iptables-1.8.4</a>
          </li>
          <li class="sect1">
            <a href="firewall.html">Setting Up a Network Firewall</a>
          </li>
          <li class="sect1">
            <a href="libcap.html">libcap-2.33 with PAM</a>
          </li>
          <li class="sect1">
            <a href="linux-pam.html">Linux-PAM-1.3.1</a>
          </li>
          <li class="sect1">
            <a href="liboauth.html">liboauth-1.0.3</a>
          </li>
          <li class="sect1">
            <a href="libpwquality.html">libpwquality-1.4.2</a>
          </li>
          <li class="sect1">
            <a href="mitkrb.html">MIT Kerberos V5-1.18</a>
          </li>
          <li class="sect1">
            <a href="nettle.html">Nettle-3.5.1</a>
          </li>
          <li class="sect1">
            <a href="nss.html">NSS-3.51</a>
          </li>
          <li class="sect1">
            <a href="openssh.html">OpenSSH-8.2p1</a>
          </li>
          <li class="sect1">
            <a href="p11-kit.html">p11-kit-0.23.20</a>
          </li>
          <li class="sect1">
            <a href="polkit.html">Polkit-0.116</a>
          </li>
          <li class="sect1">
            <a href="shadow.html">Shadow-4.8.1</a>
          </li>
          <li class="sect1">
            <a href="ssh-askpass.html">ssh-askpass-8.2p1</a>
          </li>
          <li class="sect1">
            <a href="stunnel.html">stunnel-5.56</a>
          </li>
          <li class="sect1">
            <a href="sudo.html">Sudo-1.8.31p1</a>
          </li>
          <li class="sect1">
            <a href="tripwire.html">Tripwire-2.4.3.7</a>
          </li>
          <li class="sect1">
            <a href="volume_key.html">volume_key-0.3.12</a>
          </li>
        </ul>
      </div>
    </div>
    <div class="navfooter">
      <ul>
        <li class="prev">
          <a accesskey="p" href="random.html" title=
          "Random Number Generation">Prev</a>
          <p>
            Random Number Generation
          </p>
        </li>
        <li class="next">
          <a accesskey="n" href="vulnerabilities.html" title=
          "Vulnerabilities">Next</a>
          <p>
            Vulnerabilities
          </p>
        </li>
        <li class="up">
          <a accesskey="u" href="postlfs.html" title=
          "Part&nbsp;II.&nbsp;Post LFS Configuration and Extra Software">Up</a>
        </li>
        <li class="home">
          <a accesskey="h" href="../index.html" title=
          "Beyond Linux� From Scratch     (System V Edition) - Version 2020-04-02">
          Home</a>
        </li>
      </ul>
    </div>
  </body>
</html>
